The Case of the Modified Binaries - You basically always need a way to validate things you download, because any number of systems in between could be corrupting or altering the downloaded file(s).

After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia. Tor is a wonderful tool for protecting the identity of journalists, their sources, and even regular users around the world; however, anonymity does not guarantee security.

Although Mogull is very enthusiastic about embracing the DevOps model for security, he also understands why some professionals might be hesitant to use it. Since the DevOps model is highly automated, it requires security professionals to have what Mogull referred to as trustable security automation. Historically, Mogull said, security professionals have had to do many elements of security testing manually, but that no longer necessarily needs to be the case in the DevOps model.

Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building.
"We're in a day when a person can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch.

...sometimes culture is bullshit. Culture is bullshit when a company thinks that having a ping pong table makes up for overbearing and demeaning management. Culture is bullshit when "unlimited vacation" is an intentional bait-and-switch to represent "no vacation." Culture is bullshit when misguided engineers take pleasure in forcing interview candidates to experience as uncomfortable an interview experience as possible to feed their own egos. Perhaps a more apt wording is that in our industry, culture is often bullshit.